This document serves as a starting point for organizations considering the engagement of an external DPO.
Published: July 2018
Now that the GDPR is in effect, many organizations need data protection officers. However, not all organizations can or need to staff the DPO role in-house — and the regulation does not require organizations to do so; Article 37(6) allows for the data protection officer role to be filled using a service contract. But what should a DPO service contract look like?.
The IAPP offers this sample document as a starting point for organizations considering the engagement of an external DPO.